Vulnerability scanners: Not the best tools for network perimeter defense

Joel Snyder, contributor Published: 04 Mar 2003

To test the value of our five vulnerability analyzers as practical tools for systems managers, we turned them to the very real-world task of tuning our Sourcefire network IDS. We looked at three ways in which we wanted to use VA results to make our IDS more useful. We got mixed results, reflecting the weaknesses the VA tools demonstrated throughout our testing.

Nonstandard ports. Sourcefire can look for Web server attacks on any TCP port, but is initially configured with the most common ones: 80, 8000 and 8080. Knowing where we have Web servers running would give us a chance to act on alerts before a vulnerable server caused serious problems.

Collecting a list of ports on which our Web servers were running wasn't very easy, since our VA tools sort reports either by vulnerability or by host. Only Retina and Nessus found servers on nonstandard ports, so we wrote a simple Perl script to summarize the Web server results and ran it against their reports. If we were in a production environment, we would have dumped the events into a database. In the real world, we ...
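The pivot described above, from host-sorted findings to a per-port list of Web servers checked against the IDS's configured ports, as an added Python example (not the article's Perl script). The pipe-delimited input format, the service labels and the sample hosts are constructed assumptions, not the Retina or Nessus report format.

```python
from collections import defaultdict

# Ports the article says the IDS inspects for Web attacks by default.
IDS_HTTP_PORTS = {80, 8000, 8080}
WEB_SERVICES = {"http", "https", "http-proxy"}  # assumed service labels

# Constructed sample in a hypothetical host-sorted export format:
# host|port/proto|service|finding
SAMPLE_REPORT = """\
10.0.0.5|80/tcp|http|Web server banner disclosed
10.0.0.5|22/tcp|ssh|Protocol version 1 enabled
10.0.0.5|8081/tcp|http|Directory listing enabled
10.0.0.5|8081/tcp|http|Default page present
10.0.0.9|8080/tcp|http-proxy|Open proxy
10.0.0.9|8081/tcp|HTTP|Web server banner disclosed
10.0.0.12|notaport/tcp|http|malformed line
10.0.0.12|5800/tcp|http|Web server banner disclosed
"""


def web_ports_by_host(report_text):
    """Pivot host-sorted findings into {tcp_port: sorted hosts with a Web server}."""
    ports = defaultdict(set)
    for line in report_text.splitlines():
        fields = line.strip().split("|", 3)
        if len(fields) != 4:
            continue  # blank or malformed line
        host, port_proto, service, _finding = fields
        port, _, proto = port_proto.partition("/")
        if proto.lower() != "tcp" or not port.isdigit():
            continue  # skip non-TCP entries and unparsable ports
        if service.strip().lower() in WEB_SERVICES:
            ports[int(port)].add(host.strip())
    return {p: sorted(h) for p, h in sorted(ports.items())}


def ports_missing_from_ids(web_ports, ids_ports=IDS_HTTP_PORTS):
    """Web server ports the IDS is not yet inspecting as HTTP."""
    return sorted(set(web_ports) - set(ids_ports))


if __name__ == "__main__":
    summary = web_ports_by_host(SAMPLE_REPORT)
    for port, hosts in summary.items():
        note = "" if port in IDS_HTTP_PORTS else "  <- not in IDS HTTP port list"
        print(f"{port}/tcp: {', '.join(hosts)}{note}")
```

The output of `ports_missing_from_ids` is the list of ports to add to the IDS's HTTP inspection configuration.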
